Windows Server 2003 Maintenance Made Easy (Continued)

AD is the heart of the Windows Server 2003 environment. As objects are added, modified, or deleted from the AD database or the schema is modified, these interactions with the database can cause fragmentation. Windows Server 2003 performs online defragmentation nightly to reclaim space in the AD database. However, the database size doesn't shrink unless you perform offline defragmentation. Figure 3 shows the differences in fragmented versus defragmented AD databases.

Performing offline defragmentation and compaction of the AD database requires the domain controller to be rebooted. As such, this maintenance routine can be run on a less frequent basis. Ntdsutil is the tool for maintaining AD databases. It defragments the AD database and also performs other routines such as cleaning up metadata left behind by abandoned domain controllers and managing Flexible Single Master Operations (FSMO).

To use Ntdsutil to defragment the AD database, do the following:

1. Restart the DC and when the initial screen appears, press the F8 key.
2. From the Windows Advanced Options menu, select Directory Services Restore Mode.
3. In the next screen, select the Windows Server 2003 operating system being used and then log on to the system.
4. Click OK when the informational message appears.
5. At a command prompt, type ntdsutil files.
6. At the File Maintenance prompt, type compact to %s, where %s identifies an empty target directory. This invokes esentutl.exe to compact the existing database and write to the specified directory. Figure 4 illustrates the compaction process.
7. If compaction was successful, copy the new ntds.dit file to %systemroot%\NTDS and delete the old log files found in %systemroot%\NTDS.
8. Type quit twice to exit the utility and then restart the computer.

Other uses for the Ntdsutil include:

Integrity: Performs an integrity check on the database, which detects any kind of low-level database corruption. This can take a long time to process if the AD database is large. It's important to note that you should always run Recover prior to running an integrity check.

Recover: Attempts to perform a soft recovery of the database. This task scans the log files and ensures all committed transactions therein are also reflected in the data file. Table 1 summarizes some of the maintenance tasks and recommendations discussed.

As administrators, it is easy to get caught up in firefighting and the daunting tasks of Windows Server 2003 administration. However, it is important to structure and prioritize system management and maintenance to help prevent unnecessary amounts of downtime and other such problems. Following a management and maintenance regimen reduces administration, maintenance, and business expenses while at the same time increasing reliability, stability, and security. These tasks appear simple. However, if they are not done with regularity, administrators will find themselves with a lot of explaining to do.

About the Authors
Kenton Gardinier, MSCE, CISSP, and MCSA, is a senior consultant with Convergent Computing. He is the author of several books on topics such as Windows, Exchange, security, SharePoint, performance, and systems management.

John McMains, MSCE, is a senior consultant with NLighten Inc. He has authored and contributed to numerous books and magazine articles on a variety of technical and business-related topics.